









A comprehensive overview of network security fundamentals, covering topics such as zero trust security models, network hardening, firewalls, intrusion detection and prevention systems, and access control. It includes a series of questions and answers that test understanding of key concepts and best practices. Ideal for students and professionals seeking to enhance their knowledge of network security.
Typology: Exams










What is a zero trust security model? - answer Everything in the network is considered untrustworthy until proven otherwise.
What are the risks that devices on a network are exposed to? - answer Malware, malicious users, intruders, bots, misconfigurations, failures.
Why is security implemented in redundant layers? - answer To protect resources from every angle.
What are the main functions of a router? - answer To examine packets and determine their destination based on network layer addressing information.
What are ACLs used for in routers? - answer To decline forwarding certain packets.
What variables can be used in an ACL to permit or deny traffic? - answer Network layer protocol, transport layer protocol, source IP address, destination IP address, TCP or UDP port number.
What does a router do when it receives a packet? - answer Refers to its ACL for permit or deny criteria, drops the packet if any deny characteristics match, forwards the packet if permit characteristics match, drops the packet if it doesn't match any criteria (implicit deny rule).
What is the purpose of assigning separate ACLs to each interface on a router? - answer To control inbound and outbound traffic on each interface.
What command is used to assign a statement to an already-installed ACL? - answer access-list command.
What arguments must be included in the access-list command? - answer The ACL identifier and a permit or deny argument.
What is an example of an access-list command to permit ICMP traffic? - answer access-list acl_2 permit icmp any.
What is an example of an access-list command to permit TCP traffic from a specific host to another specific host? - answer access-list acl_2 permit tcp host 2.2.2.2 host 5.5.5.5.
What is the purpose of implementing security in redundant layers? - answer To ensure that if one layer fails, there are other layers to provide protection.
What is the impact of the number of statements or tests on a router's performance? - answer The more statements or tests a router must scan, the longer it takes for the router to act.
What does the control plane refer to? - answer The control plane is the decision-making layer of connected networking devices.
What is Control Plane Policing (CoPP)? - answer Control Plane Policing (CoPP) is a feature that can be used to rate-limit traffic on the control plane and management plane of routers and switches.
What are the steps to configure CoPP on a switch or router? - answer 1. Define an ACL to identify relevant traffic for CoPP policies. 2. Create a class map to classify traffic based on defined criteria. 3. Match the class to identified traffic using the match access-group command.
What is Router Advertisement (RA) Guard? - answer Router Advertisement (RA) Guard is a feature that filters RA messages to ensure they only come from specific interfaces on the switch.
What are the vulnerabilities created by unauthenticated RA messages? - answer 1. Malicious RA messages can misconfigure network clients. 2. High volumes of RA messages can create a network DoS attack.
What criteria can RA guard use to filter RA messages? - answer RA guard can filter RA messages based on source MAC or IP address, router priority, or other options.
How is RA guard configured on Cisco switches? - answer RA guard is configured using the raguard command.
What is DHCP snooping? - answer Switch feature to prevent rogue DHCP servers
How is DHCP snooping configured on a Cisco switch? - answer Using the ip dhcp snooping command
What is Dynamic ARP Inspection (DAI)? - answer Switch feature to protect against ARP spoofing attacks
Where can a firewall be placed? - answer Between interconnected private networks or between a private and public network
What are other network devices that may have firewall features? - answer Routers, switches, and other network devices
What are host-based firewalls? - answer Firewalls that only protect the computer on which they are installed
What is a packet-filtering firewall? - answer A network device or application that examines packet headers.
What does a packet-filtering firewall use to determine if it needs to block traffic? - answer ACL (Access Control List)
What are some common criteria used by a packet-filtering firewall to accept or deny traffic? - answer Source and destination IP addresses, ports, TCP header flags, UDP or ICMP protocols, packet status as first or subsequent in a data stream, inbound or outbound status
What does port blocking do? - answer Prevents connection and transmission through blocked ports
What are some optional functions of a firewall? - answer Encryption, user authentication, centralized management, easy rule establishment, logging and auditing capabilities, protection of internal LAN's address identity, stateful firewall monitoring of existing traffic streams
What is a stateless firewall? - answer Manages each incoming packet as a standalone entity without regard to active connections
What is application layer filtering? - answer Filtering that occurs at the application layer of the network protocol stack
What is the function of firewall rules? - answer To secure traffic as it enters, exits, and traverses the network.
How do firewall rules provide granular control? - answer By checking for information such as port, protocol, and IP address or CIDR range.
What is the most common cause of firewall failure? - answer Firewall misconfiguration.
What can an IDS do? - answer Detect and log suspicious activity.
What is an IPS? - answer An intrusion prevention system that reacts to suspicious activity when alerted.
How does an IPS prevent traffic? - answer By preventing traffic from flowing to the network based on the originating IP address.
What is NIPS? - answer Network-based intrusion prevention that can protect entire networks.
What is HIPS? - answer Host-based intrusion prevention that protects a specific host.
What security technologies do cloud platforms often embed? - answer Security technologies to protect against cloud-specific security challenges.
What are some common features of cloud security tools?
What is the shared responsibility model in cloud security?
What is SOD (separation of duties)? - answer Division of labor to prevent compromise of resources.
What is a log file viewer? - answer Tool to monitor log files for events.
How can Windows logs be viewed? - answer Using Event Viewer.
What is SIEM (Security Information and Event Management)? - answer System to evaluate log data for significant events.
What determines the effectiveness of a SIEM? - answer Amount of storage space needed for data.
How can network administrators fine-tune a SIEM's configuration rules? - answer For specific needs.
What is a directory service? - answer Database of account information.
Give examples of directory services. - answer AD, OpenLDAP, 389 Directory Server.
What is LDAP (Lightweight Directory Access Protocol)? - answer Standard protocol for accessing a directory.
How is AD (Active Directory) configured? - answer To use the Kerberos protocol.
What is Kerberos? - answer Cross-platform authentication protocol using key encryption.
What is a private key encryption service? - answer Example: Kerberos.
What are the terms related to Kerberos? - answer Principal, KDC, ticket.
What are the two services run by a Kerberos server? - answer AS (authentication service) and TGS (ticket-granting service).
What does TGS do? - answer Alleviates the need for the client to request a new ticket from the TGS each time it wants to use a different service on the network.
What is SSO? - answer Single Sign-On is a form of authentication where a client signs on once to access multiple systems or resources.
What is RADIUS? - answer RADIUS (Remote Authentication Dial-In User Service) is a cross-platform, open-source standard.
Where does RADIUS run? - answer RADIUS runs in the application layer and can use either UDP or TCP in the Transport layer. It can operate as an application on a remote access server or on a dedicated RADIUS server.
What can RADIUS authenticate? - answer RADIUS can be used to authenticate wireless, mobile, and remote users.
What are RADIUS services often combined with? - answer RADIUS services are often combined with other network services on a single machine.
What is TACACS+? - answer TACACS+ (Terminal Access Controller Access Control System Plus) offers the option of separating authentication, authorization, and auditing capabilities.
How does TACACS+ differ from RADIUS? - answer TACACS+ relies on TCP, not UDP, at the Transport layer. It is a proprietary protocol developed by Cisco Systems, Inc. and is typically used to authenticate network devices such as routers and switches.
What is AAA? - answer Authentication, Authorization, and Accounting
What is the purpose of AAA? - answer Device administration access control for technicians
What does AAA encrypt? - answer All information transmitted